* Posts by Sitaram Chamarty

188 publicly visible posts • joined 30 Aug 2008


India's CERT given exemption from Right To Information requests

Sitaram Chamarty

Hardly surprising.

Anyone who's followed the evolution of India's so-called digital privacy legislation will have realised that, from the first version in 2018 to what it looks like today, every revision (approx once/year) has progressively distanced the government itself from any of its provisions.

For people like me, who believe any government is always a bigger threat than any google/microsoft/whatever (if only because you can't choose to walk away from the former like you can the latter), this basically makes the whole thing moot.

I expect FOI to go the same way, adding more and more exceptions every once in a while till it too becomes as meaningless.

Quantum Key Distribution: Is it as secure as claimed and what can it offer the enterprise?

Sitaram Chamarty

Re: my "QKD for managers"

(saw this while cleaning up some bookmarks, yeah I know it's 2 years old)

QKD has no identity component, as in Alice does not know she's talking to Bob; classical crypto has to step in to prove that she is

Sitaram Chamarty

Re: my "QKD for managers"

good article, but interception is not the only problem. With sufficient hardware resources, Eve can implement a true MITM -- get between them and relay messages back and forth -- because QKD has no *identity* component.
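The two failure modes contrasted in this reply, as an added toy simulation that is not part of the original thread or of any QKD product. A qubit is modelled as a (bit, basis) pair and measuring in the wrong basis returns a uniformly random bit; that one rule is the only "quantum" behaviour assumed. The classical channel is plain Python values that whoever sits in the middle can read and rewrite. Function and key names are mine; the seeded RNG is only so the runs are repeatable.

```python
"""BB84 toy model: an eavesdropper who merely intercepts is caught by the error
rate, a man in the middle who terminates the channel and runs two full sessions
is not, because nothing in the exchange tells Alice that the far end is Bob."""
import random


def _prepare(rng, n):
    # Sender picks random bits and random bases (0 or 1) for n qubits.
    return [rng.randrange(2) for _ in range(n)], [rng.randrange(2) for _ in range(n)]


def _measure(rng, qubits, bases):
    # Assumed model: matching basis returns the bit, wrong basis returns a random bit.
    return [bit if qbasis == mbasis else rng.randrange(2)
            for (bit, qbasis), mbasis in zip(qubits, bases)]


def _sift(a_bases, b_bases, a_bits, b_bits):
    # Sifting: both sides announce bases over the classical channel and keep matches.
    keep = [i for i, (x, y) in enumerate(zip(a_bases, b_bases)) if x == y]
    return [a_bits[i] for i in keep], [b_bits[i] for i in keep]


def qber(k1, k2):
    """Quantum bit error rate: fraction of sifted positions where the keys differ."""
    return sum(x != y for x, y in zip(k1, k2)) / len(k1) if k1 else 0.0


def _session(rng, sender_bits, sender_bases, n):
    """One complete BB84 exchange from prepared qubits to a receiver with random bases."""
    recv_bases = [rng.randrange(2) for _ in range(n)]
    recv_bits = _measure(rng, list(zip(sender_bits, sender_bases)), recv_bases)
    return _sift(sender_bases, recv_bases, sender_bits, recv_bits)


def run_honest(seed, n=2000):
    """Alice to Bob with nobody in between: sifted keys agree exactly."""
    rng = random.Random(seed)
    a_bits, a_bases = _prepare(rng, n)
    k_alice, k_bob = _session(rng, a_bits, a_bases, n)
    return qber(k_alice, k_bob)


def run_intercept_resend(seed, n=2000):
    """Eve measures every qubit in a random basis and re-sends her result.
    She guesses the basis wrong half the time, and half of those flip Bob's bit,
    so about 25% of the sifted key disagrees: this is what QKD is built to catch."""
    rng = random.Random(seed)
    a_bits, a_bases = _prepare(rng, n)
    e_bases = [rng.randrange(2) for _ in range(n)]
    e_bits = _measure(rng, list(zip(a_bits, a_bases)), e_bases)
    b_bases = [rng.randrange(2) for _ in range(n)]
    b_bits = _measure(rng, list(zip(e_bits, e_bases)), b_bases)
    k_alice, k_bob = _sift(a_bases, b_bases, a_bits, b_bits)
    return qber(k_alice, k_bob)


def run_full_mitm(seed, n=2000):
    """Eve is Bob to Alice and Alice to Bob. She also relays the classical channel,
    so each side's error check is answered with the key Eve shares with that side,
    both checks pass with zero errors, and Eve holds both keys."""
    rng = random.Random(seed)
    a_bits, a_bases = _prepare(rng, n)
    k_alice, k_eve_a = _session(rng, a_bits, a_bases, n)   # session 1: Alice <-> Eve
    e_bits, e_bases = _prepare(rng, n)
    k_eve_b, k_bob = _session(rng, e_bits, e_bases, n)     # session 2: Eve <-> Bob
    return {
        "qber_seen_by_alice": qber(k_alice, k_eve_a),
        "qber_seen_by_bob": qber(k_eve_b, k_bob),
        "eve_knows_alice_key": k_eve_a == k_alice,
        "eve_knows_bob_key": k_eve_b == k_bob,
        "alice_and_bob_share_a_key": k_alice == k_bob,
    }


if __name__ == "__main__":
    print("honest QBER:", run_honest(42))
    print("intercept-resend QBER:", run_intercept_resend(42))
    print("full MITM:", run_full_mitm(42))
```

The interesting line is the last dictionary: both "seen" error rates are zero, so the physics-based detection never fires, and the only thing that would have caught Eve is an authenticated classical channel, i.e. the classical crypto the reply says has to step in.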

Sitaram Chamarty

my "QKD for managers"

Here's what I say when a "manager" asks me about QKD:

QKD is a popular and well known method of extracting money from gullible people -- whether it is in the form of grants, startup funding, or outright "product" purchase. In keeping with "quantum" principles, the person being diddled out of his money cannot simultaneously also *know* that he's being diddled.

More seriously, here's some excellent reading for anyone thinking QKD is actually useful: https://crypto.stackexchange.com/questions/51311/what-makes-quantum-cryptography-secure/51314#51314

Our software is perfect. If something has gone wrong, it must be YOUR fault

Sitaram Chamarty

saw title, assumed you were talking about systemd

am I the only one?

Aussies crowdsource a business case for central bank digital currencies

Sitaram Chamarty

Re: Use case

In India, the UPI infrastructure covers your points a, b, and c for domestic transactions. No one takes a cut, not even a small fixed amount, and it is instantaneous -- about the same speed as SMS or at worst a few seconds more.

(International transactions are not covered by this of course)

On point c, much as I hate the "your papers please" nature of India's Aadhaar, not to mention all the security issues it brings, it *has* helped poor people open bank accounts etc.

Also on point c, I do not think cryptocurrency enables the poor any better; most of them are illiterate, and you're talking about a system where **techno-literate** people regularly get scammed out of their savings, with no legal recourse because "immutable".

In short, I'd say "catering to poor people" is a particularly strong reason **not** to go for a cryptocurrency.

Point d is of course completely out, though most people don't care. I've found places where they discourage cash because it is convenient for the merchant to be paid digitally -- which would not be true if any of the banks in between were taking a cut.

Systemd supremo Lennart Poettering leaves Red Hat for Microsoft

Sitaram Chamarty

Re: People are awful

because you didn't "approach" him right :-) (sarcasm there, just to be clear)

I had a boss like this for several years. A very learned man (though I won't list his qualifications). Very smart, mind like a steel trap, and when you meet him as a relative stranger he would be so amazingly friendly and empathetic and all that.

Sadly, none of that applied if you worked with him or for him. He was easily the worst boss I ever had.

Sitaram Chamarty

El Reg continues to be the only place online whose users generally reflect my own well-considered antipathy to Poettering...

Most other forums have a somewhat different ratio of like/hate than here. It is also quite possible that El Reg readers have a higher average age than the others (and I am sure my contribution to that average is also high!)

One thing you'll often hear is that shell scripts are baroque, hard to debug, and what not. That may well be true, but you can pick another one if you wish. Meanwhile, those same people fail to mention that this "declarative syntax" has hundreds of keywords. Many of them look very similar, with subtle differences that can trip you up. The values are not always intuitive, but even if they are, you had better RTFM to make sure you're using the right one.

How the hell this is supposed to be easier to learn I do not know -- 90% of the help messages I see on systemd get responses that say "use this [boilerplate]".

A shell script is much more immediately understandable without having to refer to manuals.

Sitaram Chamarty

Re: Depart, I say, and let us have done with you.

Very nicely put.

There are three comments in this thread that are worth bookmarking forever, and this is one of them.

India extends deadline for compliance with infosec logging rules by 90 days

Sitaram Chamarty

fax

would be so cool if everyone used fax

(reports printed in the wingdings font only please!)

It's time to kick China off social media, says tech governance expert

Sitaram Chamarty

> by any chance?

by *every* chance!

Open-source leaders' reputations as jerks is undeserved

Sitaram Chamarty

Re: rude maintainers

if it is Qmail they're talking about, DJB is much better known now for the ChaCha/Salsa stream ciphers, the Poly1305 MAC, and the Ed25519 replacements for EdDSA. They're pretty much the standard for "NIST/NSA did not have their sticky fingers in this" cryptography.

Putin threatens supply chains with counter-sanction order

Sitaram Chamarty

Re: You want to play hardball?

speaking of "bunker" reminds me...

I wonder if there's a Downfall parody of this situation (you know, the one with Hitler ranting) already

Cloudflare stomps huge DDoS attack on crypto platform

Sitaram Chamarty

Re: used to surface Decentralized Finance projects to potential investors

I think it's closer to "expose", thinking back to every time I heard that word in various contexts

Putin reaches for nuclear option: Zuckerberg banned

Sitaram Chamarty

Re: Well, damn

I'm sure there are some nice tourist-worthy cathedrals in the areas where those guys live.

Google issues third emergency fix for Chrome this year

Sitaram Chamarty

Re: How happy I am

> So you use two browsers that could potentially have insecurities or flaws

"potentially" is better than *definitely*

Barely 3 weeks before this, we had CVE 2022-0609 (https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/ -- you don't even need to click it; the URL says it all)

Meta strikes blow against 30% 'App Store tax' by charging 47.5% Metaverse toll

Sitaram Chamarty

Re: Terrific!

I have to admit... I've hated lots of public figures over the years (heck that's half the reason they *exist* right?). But no one, not Bill Gates, not even Steve Ballmer when he was calling Linux a cancer, nor Bezos in his rocket, nor .... [well you get the idea] has ever generated in me the kind of instinctive, visceral hatred I feel when I see Zuckerberg's picture anywhere.

"A face only a mother could love" has been a standard phrase in literature and humour for decades, but I suspect in this case even that could be a stretch.

Maybe that's just me...

The first step to data privacy is admitting you have a problem, Google

Sitaram Chamarty

meanwhile...

...for those who would like an immediate solution, I suggest installing NetGuard and setting it to block these apps from being able to send/receive data. I recommend setting it to "whitelist" mode, and allowing only the few apps that *you* know absolutely need network access.

NetGuard is open source; you can get it from f-droid also if, like me, you avoid the plague-store.

US warns Chinese chipmakers: Sell to Russia, suffer Huawei's fate

Sitaram Chamarty

> How is that not "dictating anyone's policy but their own"?

because "suffer Huawei's fate" should actually be read "we won't do business with you", so it is still within its bailiwick

you got fooled by a symlink :) (if you're a unix/linux guy you know what I mean, if you're not you have my apologies for a crappy joke!)

India's Reserve Bank deputy governor calls for crypto ban

Sitaram Chamarty

his boss said: "no underlying asset -- not even a tulip"

that tulip snark was absolutely awesome!

that really made my day last week

indeed, these guys get it!

Worried about occasional npm malware scares? It's more common than you may think

Sitaram Chamarty

node/npm -- the new php

I'm one of those ultra cynics who consistently refused to let PHP on any internet facing server back when I was working on, and had a say in, such things.

Today I consider the node ecosystem to be just as bad in terms of the effort required (not just one time but on an ongoing basis) to keep it secure.

And I don't think I'm alone. I've often found comments on reddit and elsewhere where, if someone posts a new tool in nodejs, people will respond with "Uggh, node!" or "Node? No!" or similar. This is especially true for apps which don't really need to be written in JS (i.e. could have been written in any other language), although I cannot say if those comments are also driven by security concerns or just a general dislike of JS.

The dark equation of harm versus good means blockchain’s had its day

Sitaram Chamarty

Re: We know it has no future

you certainly appear to miss it... you need a "-e" somewhere, and I *think* the g needs to be next to the trailing "/" :)

Intel's recent Atom, Celeron, Pentium chips can be lulled into a debug mode, potentially revealing system secrets

Sitaram Chamarty

not quite

No idea about windows but at least on Linux, for a normal desktop/laptop using dm-crypt/LUKS, the FDE key is encrypted by a stretched version of a *user supplied* key.

There's nothing "stored [...] on the motherboard", and what is stored on disk needs to be brute forced in order to be of any use.
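The key hierarchy the comment describes, as an added illustration that is not from the original thread and is not LUKS's real on-disk format: a random volume key, wrapped under a key stretched from the user's passphrase, plus a digest so an unlock attempt can be checked. Assumptions I've made to keep it to the standard library: PBKDF2-SHA256 stands in for the KDF (LUKS2 defaults to Argon2id), an HMAC-SHA256 counter keystream stands in for the AES wrapping a real header uses, and the iteration count is a toy value. All names are mine.

```python
"""Passphrase-wrapped volume key: what is stored on disk, and why it has to be
brute-forced rather than simply read. Toy model, not the LUKS header layout."""
import hashlib
import hmac
import os
from dataclasses import dataclass

KDF_ITERATIONS = 20_000   # toy value; real headers use far more work (or memory-hard Argon2)
KEY_LEN = 32


@dataclass
class Header:
    """Everything an attacker gets by copying the disk: no passphrase, no volume key."""
    salt: bytes
    iterations: int
    wrapped_key: bytes   # volume key XOR keystream(KEK); useless without the KEK
    digest_salt: bytes
    digest: bytes        # slow hash of the volume key, used to verify an unlock attempt


def _kek(passphrase: str, salt: bytes, iterations: int) -> bytes:
    # Key-encryption key stretched from the *user supplied* passphrase.
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, iterations, KEY_LEN)


def _keystream(kek: bytes, n: int) -> bytes:
    # Counter-mode keystream from HMAC: stand-in for a real block cipher wrap (assumption).
    out, counter = b"", 0
    while len(out) < n:
        out += hmac.new(kek, counter.to_bytes(4, "big"), "sha256").digest()
        counter += 1
    return out[:n]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _digest(volume_key: bytes, salt: bytes, iterations: int) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", volume_key, salt, iterations, KEY_LEN)


def format_volume(passphrase: str, rng=os.urandom):
    """Create a header. The volume key is random, never derived from the passphrase,
    so changing the passphrase later only re-wraps it."""
    volume_key = rng(KEY_LEN)
    salt, dsalt = rng(16), rng(16)
    kek = _kek(passphrase, salt, KDF_ITERATIONS)
    hdr = Header(salt, KDF_ITERATIONS,
                 _xor(volume_key, _keystream(kek, KEY_LEN)),
                 dsalt, _digest(volume_key, dsalt, KDF_ITERATIONS))
    return hdr, volume_key


def unlock(hdr: Header, passphrase: str):
    """Return the volume key if the passphrase is right, else None.
    Each attempt costs two slow KDF runs; that cost is all that protects the header."""
    kek = _kek(passphrase, hdr.salt, hdr.iterations)
    candidate = _xor(hdr.wrapped_key, _keystream(kek, KEY_LEN))
    if hmac.compare_digest(_digest(candidate, hdr.digest_salt, hdr.iterations), hdr.digest):
        return candidate
    return None


def brute_force(hdr: Header, wordlist):
    """What 'needs to be brute forced' means in practice: one unlock attempt per guess.
    Returns (passphrase, attempts) or (None, attempts) if the list is exhausted."""
    attempts = 0
    for guess in wordlist:
        attempts += 1
        if unlock(hdr, guess) is not None:
            return guess, attempts
    return None, attempts


if __name__ == "__main__":
    hdr, vk = format_volume("correct horse battery staple")
    print("unlock ok:", unlock(hdr, "correct horse battery staple") == vk)
    print("wrong passphrase:", unlock(hdr, "hunter2"))
    print("wordlist attack:", brute_force(hdr, ["password", "123456", "hunter2"]))
```

The point to take from `Header` is that every field is either random or a function of the passphrase; an attacker holding the disk can only grind through candidate passphrases, and the work factor of the KDF (and the entropy of the passphrase) set how long that takes.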

Waterfox: A Firefox fork that could teach Mozilla a lesson

Sitaram Chamarty

Re: Forks are a sign of success.

Agree.

I should add that there's nothing wrong with removing core features and pushing them into addons if they're reasonably similar. Reducing core is always a good thing.

Sitaram Chamarty

Re: Agree

> not using systemd in the way he envisioned

Or using any *other* software in the way his latest patches expect.

There was an incident with kernel cmdline (debug flag? don't remember) where Linus had to come down hard on this jackass and his minions, if I recall, because the then-latest systemd prevented something that was working before, but these people tried to claim the other guys need to change.

Yeah that was rambling, but this was some years ago so I don't quite recall the details.

Sitaram Chamarty

Re: Palemoon, check. Seamonkey, check.

> Configuring pulse audio to work with these firefox instances running under sudo wasn't easy

huh! I use a sudo based scheme to setup different firefox instances (one for every site I need a login for, and one for others; currently have 11 such userids)

only one of them needs sound, and it was a simple matter of adding that user to the group "audio"; never had to mess with PA networking

India's Supreme Court starts probe into use of Pegasus spyware

Sitaram Chamarty

indeed...

I read it first in https://indianexpress.com/article/explained/pegasus-snoop-allegations-sc-moved-the-needle-on-privacy-press-freedom-govt-security-alibi-7594235/

I particularly liked phrases like "should not take an adversarial position when the fundamental rights of citizens are at threat", "refused to accept the sweeping use of national security to deny information to the court", and several other bits.

Warmed my heart it did!

Git 2.33 released with new optional merge process likely to become the default: It's 'over 9,000' times faster

Sitaram Chamarty

that sqlite guy

...while no doubt brilliant with sqlite, is completely and utterly wrong about rebase.

why he and his ilk continue to confuse "rebase in your private repo before pushing it up for the world to see" with "rebase a published tree and confuse the heck out of the other developers" I could never understand.

It's like saying there should not be a backspace key on the keyboard.

In Search of Lost Time: GNU Grep 3.7 released with fix for 'extreme performance degradation'

Sitaram Chamarty
Thumb Down

ack? NAK!

I was a great fan of ack once upon a time, till one day I nearly lost data to it.

https://groups.google.com/g/ack-users/c/oa82NsPqhvo/m/Y2f0RTnY5dEJ

when someone else ran into similar problems and asked for documentation on how ack chooses what files to search and what files to ignore, the author's reply was "There's no English that explains how it works". https://groups.google.com/g/ack-users/c/rmRt92zBUlk/m/R6s85VhhDLoJ

Still being a fan (but thinking hard about why), I wrote it up, https://groups.google.com/g/ack-users/c/kdlaASvikFo/m/1ObiGm1L_yUJ and asked the author to include it in the docs somewhere. His response? "In my copious free time".

Sure this was back in 2009, but it still rankles. I have a long memory for open source authors who deal like this with users.

Thunderbird 91 lands: Now native on Apple Silicon, swaps 'master' for 'primary' password, and more

Sitaram Chamarty

meanwhile, over on a work-mandated Xubuntu laptop...

...Evolution + Evolution-EWS work fine. No fee to pay, and I get calendar invites too

Sitaram Chamarty

Re: Primary?

indeed it is. In an earlier thread on some other article I had mentioned that I am an Indian, El Reg is Brit, and in both countries the head (real, not titular) of the government is... wait for it... the *Prime* Minister :-) Can't get more elitist than "head of country"

NSO Group 'will no longer be responding to inquiries' about misuse of its software

Sitaram Chamarty

I wish...

the NSO chief and/or senior officers had attractive twitter handles.

NPM is Now Providing Malware – or was until recently

Sitaram Chamarty

there's supply chain attacks...

and then there's NPM, which is in a whole class by itself in terms of problems.

At least that's the impression my mind carries, from what I remember of various news items over the years. It's bad enough that I won't install any NPM or Node based software on my primary laptop.

So nice of China to put all of its network zero-day vulns in one giant database no one will think to break into

Sitaram Chamarty

ETERNALBLUE jealousy

someone in China is jealous of the NSA and how they found and hoarded ETERNALBLUE!

Reserve Bank of India warns against Big Tech's potential to dominate financial services

Sitaram Chamarty

Re: Communist struggle

> I doubt they are particularly concerned about their citizens economic wellbeing.

Let me fix that for you:

"I doubt they are particularly concerned about their citizens wellbeing."

Google tweaks Android Messages app to auto-classify or auto-delete messages

Sitaram Chamarty

Re: One time passwords

That reluctance has nothing to do with google, as the phone provider.

Banks and other such entities would have a much more expensive, and possibly even confusing to many, provisioning workflow if they moved away from SMS.

If you're wondering why TOTP would be confusing, I can only say you're extrapolating from the audience of *this* site.

Also, SMS is not so bad here. There's a rule (law? not sure) that all incoming and outgoing SMSs are blocked for 24 hours on any new SIM activation. Raises the bar quite a bit for SIM jacking attacks.

Pull your Western Digital My Book Live NAS off the internet now if you value your files

Sitaram Chamarty

saved me the trouble...

came here to say I have zero sympathy for people who have TERABYTES of data but no backups...

saw that it's already been said, and much better too!

Will the real IRC please stand up? Freenode’s forest fire leaves ashes – and fresh growth

Sitaram Chamarty

what?

no idea what you're on about man. I've never seen anything remotely like this in various channels. All tech channels though.

The non-tech stuff I suppose is another story, but even then I suspect there are gradations.

What is it with Facebook and screwing democracies? Now calls for Prime Minister Modi to resign censored in India

Sitaram Chamarty

I wish...

I wish I could say that was entirely true.

I mean, I agree it's not religion. The various religious gatherings contributed only a little

But it's not caste either. Wealth and power trump caste any day, yet the Chief Minister of Telangana (KCR) and his son (KTR) are covid-positive.

I can only see elections as the primary problem. I'm also basing my opinion on a couple of very recent news items (27th April; 2 days ago):

- https://indianexpress.com/article/india/as-covid-curve-and-deaths-surged-hardly-a-blip-on-election-commission-radar-7290505/

- https://www.deccanchronicle.com/nation/current-affairs/270421/election-commission-should-be-charged-with-murder-madras-hc.html

GitLab latest to ditch 'master' as default initial branch name: It's now simply called 'main'

Sitaram Chamarty

Re: Aargh...

I like to point out that "person" has "son" in it :-)

Sitaram Chamarty

Re: In me yoof...

I believe "taking insult on other people's behalf" is more commonly called "virtue signalling" :-)

India pauses blockchain-powered SMS spam-scrubber after it swallows people's one-time login codes

Sitaram Chamarty

Re: Maybe that explains why they've made such a hash of it....

this place is peppered with comedians!

The wrong guy: Backup outfit Spanning deleted my personal data, claims Cohesity field CTO

Sitaram Chamarty

this guy is a STORAGE EXEC

wow...

unlike some of you guys, I have no sympathy for him. He definitely should know better.

Perl.com theft blamed on social engineering attack: Registrar 'convinced' to alter DNS records by miscreants

Sitaram Chamarty

a few years ago...

maybe 2014, or 2015, or thereabouts, TCS (my employer, Tata Consultancy Services) was "hacked" (1) the same way.

I'm really too lazy to look it up but I think that was also NetSol when that happened.

Looks like they haven't learnt any lessons or modified any of their processes to cover this!

----

(1) "hacked", in quotes because everyone said we got hacked and we had to go around explaining that it was actually the DNS provider that was "hacked"

Splunk junks 'hanging' processes, suggests you don't 'hit' a key: More peaceful words now preferred in docs

Sitaram Chamarty

say primary instead of master?

to avoid elitism?

well, I'm an Indian, El Reg is Brit -- in both countries, our head of government (1) is the *Prime* Minister, not the *Master* Minister.

Can you get more elitist than "the head of the entire country"?

f-ing virtue signalling corporate jackasses...

(1) the real one, not the titular one

One malicious MMS is all it takes to pwn a Samsung smartphone: Bug squashed amid Android patch batch

Sitaram Chamarty

Re: if I did get one I would probably just delete it sight-unseen

not when "auto-retrieve" is off.

The message has not been retrieved.

Indian Railways suffers unspecified security 'breaches in various IT applications'

Sitaram Chamarty

implications for normal people

Implications for normal people are likely to be

- non-financial data: name, age, train travel history, phone number, email address

- financial data: minimal or not at all (IMO)

It's been ages since I booked a ticket on IRCTC, but purchases in India are almost never of the "merchant knows your credit card number and has to keep it safe" type. Most people use "Net Banking", where the merchant does not know anything. It's somewhat like how the initial authentication flow of OAuth works -- you get directed from the merchant to your bank, you login there, accept the payment, and you are then sent back to the merchant, except in this case the merchant does not even know your account number in the bank, though he does know *which* bank you went to.

Devuan adds third init option in sixth birthday release

Sitaram Chamarty

telecom sector naming...

3gpp has "evolved nodeB" and "next generation nodeB".

Damned if I know which comes first!

Wells Fargo patent troll case has finance world all aquiver so Barclays, TD Bank sign up to Open Invention Network

Sitaram Chamarty
WTF?

USAA a patent troll?

I'm curious why USAA has been labelled a troll (if I connect the headline to the details correctly).

Wasn't "troll" supposed to denote an entity that doesn't actually use the tech itself in some way? I.e., a "non-practicing entity"

USAA is hardly a "non-practicing entity", in fact quite the opposite.

Decade-old bug in Linux world's sudo can be abused by any logged-in user to gain root privileges

Sitaram Chamarty

Re: How is this possible?

I think he meant to include C++ in what he said.

I hear Rust is becoming very popular...
